Customizing Error Handling

SuperTokens session recipie can throw the following errors:#

Unauthorised error#

Thrown when a protected backend API is accessed without a session.
The default bahaviour of this is to clear session cookies (if any) and send a 401 to the frontend.

NodeJS
GoLang
Python

let SuperTokens = require("supertokens-node");let Session = require("supertokens-node/recipe/session");
SuperTokens.init({    supertokens: {...},    appInfo: {...},    recipeList: [        Session.init({            errorHandlers: {                onUnauthorised?: (message, request, response) => {                    // TODO: Write your own logic and then send a 401 response to the frontend                },            }        })    ]});

supertokens.Init(supertokens.TypeInput{    RecipeList: []supertokens.Recipe{        session.Init(&sessmodels.TypeInput{            ErrorHandlers: &sessmodels.ErrorHandlers{                OnUnauthorised: func(message string, req *http.Request, res http.ResponseWriter) error {                    // TODO: Write your own logic and then send a 401 response to the frontend                    return nil                },            },        }),    },})

async def unauthorised_callback(req: BaseRequest, err: str, response: BaseResponse):    # TODO: Write your own logic and then send a 401 response to the frontend
supertokens_python.init({    'app_info': {...},    'supertokens': {...},    'framework': '...',    'recipe_list': [        session.init({            'error_handlers': {                'on_unauthorised': unauthorised_callback            }        })    ]})

Token theft detected#

Thrown when a session hijacking attempt has been detected.
We detect this using rotating refresh tokens.
The default behaviour of this is to revoke the session and send a 401 to the frontend.

NodeJS
GoLang
Python

let SuperTokens = require("supertokens-node");let Session = require("supertokens-node/recipe/session");
SuperTokens.init({    supertokens: {...},    appInfo: {...},    recipeList: [        Session.init({            errorHandlers: {                onTokenTheftDetected?: (sessionHandle, userId, req, res) => {                     // TODO: Write your own logic and then send a 401 response to the frontend                },            }        })    ]});

supertokens.Init(supertokens.TypeInput{    RecipeList: []supertokens.Recipe{        session.Init(&sessmodels.TypeInput{            ErrorHandlers: &sessmodels.ErrorHandlers{                OnTokenTheftDetected: func(sessionHandle, userID string,                    req *http.Request, res http.ResponseWriter) error {                    // TODO: Write your own logic and then send a 401 response to the frontend                    return nil                },            },        }),    },})

async def token_theft_detected_callback(req: BaseRequest, session_handle: str, user_id: str, response: BaseResponse):    # TODO: Write your own logic and then send a 401 response to the frontend
supertokens_python.init({    'app_info': {...},    'supertokens': {...},    'framework': '...',    'recipe_list': [        session.init({            'error_handlers': {                'on_token_theft_detected': token_theft_detected_callback            }        })    ]})